
Security Guide

HTTP

Used when connecting to the server via the HTTP gateway. 
Connections can also be filtered using the IP Filter feature 
under Setup -> IP Filter.

NOTE: When SSL is disabled (off), other web-based logins
provided by the Xerox FreeFlow Print Server may not be
secure. Use the HTTPS qualifier to guarantee a secure
interaction.

Tomcat web server

Required for the functionality of the Xerox FreeFlow Print 
Server Internet Services gateway and the Xerox Remote 
Services application.

IPP

Required for job submissions from the FreeFlow® Print 
Manager and/or a Digipath (FreeFlow 2.0+) client. The IPP 
gateway can be enabled/disabled under Setup -> Gateways -> 
IPP tab. Connections can also be filtered using the IP Filter 
feature under Setup -> IP Filter.

Sun RPC

Used by many different clients, including DigiPath/FreeFlow
and Xerox FreeFlow Print Server Remote WorkFlow (DRW),
and network services such as NIS+. Typically used to establish
a connection to the server, which then redirects the connection
to another open port using OS-level port management. This
service is shut down when Xerox FreeFlow Print Server security
is set to high. Connections can also be filtered using the IP
Filter feature under Setup -> Security Profiles -> <Any Profile>
-> RPC tab.

SNMP

Used for SNMP message exchange and traps. The SNMP 
gateway can be enabled/disabled under Setup -> Gateways -> 
SNMP.

WINS 

Required in environments where a connection to a WINS
server is necessary. The WINS service can be enabled/disabled
under Setup -> Network Configuration -> WINS tab.

Socket (Raw TCP/IP) Printing

Required if jobs will be submitted via the socket gateway. The 
socket gateway can be enabled/disabled under Setup -> 
Gateways -> Socket. Connections can also be filtered using the 
IP Filter feature under Setup -> IP Filter.

LPD (LP/LPR)

Required for job submissions via the LP/LPR gateway (LP/LPR 
client, Xerox FreeFlow Print Server Print Service (Reprint), 
etc.). The port assigned to the LPD can be changed and/or the 
gateway can be enabled/disabled under Setup -> Gateways -> 
LPD.

SSH

Access the server via a secure shell (SSH, SFTP, etc.). 

Network Protocol

Required

Contents of DocuPrint 100MX

Page 1: ...Xerox FreeFlow Print Server Security Guide Version 6 0 January 2007 701P46740...
